Re: RFC: vioif(4) multiqueue support

[Joerg Sonnenberger <joerg%bec.de@localhost>]

On Wed, Dec 26, 2018 at 02:37:02AM +0000, Taylor R Campbell wrote:
> > +static int
> > +vioif_alloc_queues(struct vioif_softc *sc)
> > +{
> > +	int nvq_pairs = sc->sc_max_nvq_pairs;
> > +	int nvqs = nvq_pairs * 2;
> > +	int i;
> > +
> > +	sc->sc_rxq = kmem_zalloc(sizeof(sc->sc_rxq[0]) * nvq_pairs,
> > +	    KM_NOSLEEP);
> > +	if (sc->sc_rxq == NULL)
> > +		return -1;
> > +
> > +	sc->sc_txq = kmem_zalloc(sizeof(sc->sc_txq[0]) * nvq_pairs,
> > +	    KM_NOSLEEP);
> > +	if (sc->sc_txq == NULL)
> > +		return -1;
> 
> Check to avoid arithmetic overflow here:
> 
> 	if (nvq_pairs > INT_MAX/2 - 1 ||
> 	    nvq_pairs > SIZE_MAX/sizeof(sc->sc_rxq[0]))
> 		return -1;
> 	nvqs = nvq_pairs * 2;
> 	if (...) nvqs++;
> 	sc->sc_rxq = kmem_zalloc(sizeof(sc->sc_rxq[0]) * nvq_pairs, ...);
> 
> Same in all the other allocations like this.  (We should have a
> kmem_allocarray -- I have a draft somewhere.)

The limit should just be sanely enforced much, much earlier. The code
in ioif_attach already does that, so why bother.

> > diff --git a/sys/dev/pci/virtio_pci.c b/sys/dev/pci/virtio_pci.c
> > index 65c5222b774..bb972997be2 100644
> > --- a/sys/dev/pci/virtio_pci.c
> > +++ b/sys/dev/pci/virtio_pci.c
> > @@ -604,8 +677,14 @@ virtio_pci_setup_interrupts(struct virtio_softc *sc)
> > [...]
> >  	if (pci_intr_type(pc, psc->sc_ihp[0]) == PCI_INTR_TYPE_MSIX) {
> > -		psc->sc_ihs = kmem_alloc(sizeof(*psc->sc_ihs) * 2,
> > +		psc->sc_ihs = kmem_alloc(sizeof(*psc->sc_ihs) * nmsix,
> >  		    KM_SLEEP);
> 
> Check for arithmetic overflow here.

No point here either.

Joerg